Lately, a big question on everyone's mind has been: Do I have to give my password to customs agents?

As anyone who’s ever watched any cop show knows, the Fifth Amendment gives you the right to remain silent and to refuse to provide evidence against yourself – even at the border. If a CBP agent orders you to unlock your device or provide a password, you have a Fifth Amendment right to refuse to do so. You might simply say "no." In addition, you may tell the agent that you choose to remain silent and want to speak to an attorney, even if you don't have one retained yet. That choice may not stop CBP agents from pressuring you to “voluntarily” talk to them, but they are supposed to stop questioning you once you ask for a lawyer. Also, beware that government agents are permitted to lie to you in order to convince you to waive your right to remain silent, but you can be criminally prosecuted if you lie to them.

CBP agents are unlikely to advise you that you have this choice because the government generally argues that suchwarnings are only required if you are taken into “custody” and subjected to a criminal prosecution. And at least one federal court of appeals has determined that secondary inspection – the separate interview area you get referred to if the CBP officer can’t readily verify your information at the initial port of entry – doesn’t qualify as “custody.”

But you don’t have to be in custody or subject to a criminal prosecution before you choose to invoke your Fifth Amendment rights to remain silent or to object to being deprived of your property without due process of law. For example, the Second Circuit Court of Appeals has held that a person’s request for an attorney is enough to invoke the privilege against self-incrimination, even at the border.

And that privilege includes refusing to provide the password to your device. For example, in 2015, a Pennsylvania court held that you may properly invoke the Fifth Amendment privilege to avoid giving up your cell phone passcode – even to an employer’s phone – because your passcode is personal in nature and producing it requires you to speak or testify against yourself.

Some courts have been less protective, overriding Fifth Amendment protections where the information sought is a so-called “foregone conclusion.” In 2012, a Colorado court ordered a defendant to provide the password to her laptop, only after the government had obtained a search warrant based on the defendant’s admission that there was specific content on her laptop and that the laptop belonged to her. On appeal, the Eleventh Circuit clarified that the government "must [first] show with some reasonable particularity that it seeks a certain file and is aware, based on other information, that . . . the file exists in some specified location" and that the individual has access to the desired file or is capable of decrypting it.

So, Fifth Amendment protections do apply at the border, and they protect your right to refuse to reveal your password in most circumstances. That said, individuals passing through the border sometimes choose to surrender their account information and passwords anyway, in order to avoid consequences like missing their flight, being made subject to more constrictive or prolonged detention, or being denied entry to the US.

As we have noted in our Digital Border Search Whitepaper, the consequences for refusing to provide your password(s) are different for different classes of individuals. If you are a U.S. citizen, CBP cannot detain you indefinitely as you have a right to re-enter the country. However, agents may escalate the encounter (for example, by detaining you for more time), or flag you for heightened screening during future border crossings. If you are a lawful permanent resident, agents may also raise complicated questions about your continued status as a resident. If you are a foreign visitor, agents might deny you entry to the country entirely.

But whatever your status, whether you choose to provide your passwords or not, border agents may decide to seize your digital devices. While CBP guidelines set a five-day deadline for agents to return detained devices unless a CBP supervisor approves a lengthier detention, in practice, device detentions commonly last many months.

As always, we want to hear from you if you experience harm or harassment from CBP for choosing to protect your digital data. We’re still collecting stories of border search abuses at: borders@eff.org

Mass arrests that sweep up journalists — enabling police and prosecutors to collect electronic evidence they might not otherwise have access to — threatens the independence of the press, said Stephanie Lacambra, a staff attorney at the Electronic Frontier Foundation. The EFF has been working with Jan. 20 arrestees to...

This post is an UPDATE to a piece we originally published last week. Verizon recently rolled out a new pilot project to pre-install on customers’ devices an app launcher/search tool that, we believe, is really just spyware. This software, called AppFlash, is preloaded on a new model...

More than 325,000 people enter the United States via airports every day, with hundreds of thousands more crossing by land at the borders. Not only is that a lot of people, it’s also a lot of computers, smartphones, and tablets riding along in our pockets, bags, and trunks...

UPDATE: We have received additional information from Verizon and based on that information we are withdrawing this post while we investigate further. Here is the statement from Kelly Crummey, Director of Corporate Communications of Verizon: "As we said earlier this week, we are testing AppFlash to make app discovery better...

Richmond, Virginia—Border agents must obtain a warrant to search travelers’ phones, tablets, and laptops, which contain a vast trove of sensitive, highly personal information that is protected by the Fourth Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court today. Searches of devices at the border...

Wikileaks today released documents that appear to describe software tools used by the CIA to break into the devices that we all use at home and work. While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal...

On Wednesday, Motherboard showed how powerful off-the-shelf, $170 spyware really is. For a day, I used a piece of software on my phone to surreptitiously collect GPS location data, intercept phone calls, and silently steal photos. What can potential victims of this type of surveillance do to check if...

"Sharing" or "gig economy" companies like Uber and Airbnb continued to grow in 2016, meaning their data protection and privacy practices came into sharp focus as millions of Americans turned to these young companies for everything from rides to the airport to renting an apartment instead of a hotel room...

We’re pleased to announce our slick new app, an updated version of EFF Alerts. Download it today from the Android store. Some of the key features: Receive push notifications for vital advocacy campaigns when your voice is needed most. Easily access all of the current advocacy campaigns...